Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
The library has a serious issue in stable, because it tries to use AVX
without knowing if it is available or not.
The patch comes from upstream, and is part already of
sid/buster/stretch-bpo.
the full upstream analysis can be seen there:
https://github.com/BLAKE2/libb2/issues/13
Please accept the attached patch if possible.
diff -Nru libb2-0.97/debian/changelog libb2-0.97/debian/changelog
--- libb2-0.97/debian/changelog 2015-10-28 17:23:28.000000000 +0100
+++ libb2-0.97/debian/changelog 2018-08-15 22:33:56.000000000 +0200
@@ -1,3 +1,11 @@
+libb2 (0.97-2+deb9u1) stretch; urgency=medium
+
+ * debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch:
+ detect if the system can use AVX before actually using it
+ (Closes: #884958)
+
+ -- Gianfranco Costamagna <locutusofb...@debian.org> Wed, 15 Aug 2018
22:33:56 +0200
+
libb2 (0.97-2) unstable; urgency=medium
* debian/control: Point Vcs-Git at Alioth repo
diff -Nru
libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
--- libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
1970-01-01 01:00:00.000000000 +0100
+++ libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
2018-08-15 22:33:56.000000000 +0200
@@ -0,0 +1,47 @@
+From 60ea749837362c226e8501718f505ab138e5c19d Mon Sep 17 00:00:00 2001
+From: Samuel Neves <sne...@dei.uc.pt>
+Date: Mon, 25 Dec 2017 12:34:30 +0000
+Subject: [PATCH] detect whether the operating system can use AVX
+
+---
+ src/blake2-dispatch.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/blake2-dispatch.c b/src/blake2-dispatch.c
+index 2b1ccc8..96bb340 100644
+--- a/src/blake2-dispatch.c
++++ b/src/blake2-dispatch.c
+@@ -63,6 +63,18 @@ static inline void cpuid( uint32_t *eax, uint32_t *ebx,
uint32_t *ecx, uint32_t
+ : "=a"( *eax ), "=b"( *ebx ), "=c"( *ecx ), "=d"( *edx ) : "a"( *eax ) );
+ #endif
+ }
++
++static inline uint64_t xgetbv(uint32_t xcr)
++{
++ uint32_t a, d;
++ __asm__ __volatile__(
++ "xgetbv"
++ : "=a"(a),"=d"(d)
++ : "c"(xcr)
++ );
++ return ((uint64_t)d << 32) | a;
++}
++
+ #elif defined(_MSC_VER)
+ #include <intrin.h>
+ static inline void cpuid( uint32_t *eax, uint32_t *ebx, uint32_t *ecx,
uint32_t *edx )
+@@ -106,8 +118,13 @@ static inline cpu_feature_t get_cpu_features( void )
+ if( IsProcessorFeaturePresent(17) ) /* Some environments don't know about
PF_XSAVE_ENABLED */
+ #endif
+ {
+- if( 1 & ( ecx >> 28 ) )
++ /* check for AVX and OSXSAVE bits */
++ if( 1 & ( ecx >> 28 ) & (ecx >> 27) ) {
++#if !defined(WIN32) /* Already checked for this in WIN32 */
++ if( (xgetbv(0) & 6) == 6 ) /* XCR0 */
++#endif
+ feature = AVX;
++ }
+
+
+ eax = 0x80000001;
diff -Nru libb2-0.97/debian/patches/series libb2-0.97/debian/patches/series
--- libb2-0.97/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libb2-0.97/debian/patches/series 2018-08-15 22:33:56.000000000 +0200
@@ -0,0 +1 @@
+60ea749837362c226e8501718f505ab138e5c19d.patch
diff -Nru libb2-0.97/debian/changelog libb2-0.97/debian/changelog
--- libb2-0.97/debian/changelog 2015-10-28 17:23:28.000000000 +0100
+++ libb2-0.97/debian/changelog 2018-08-15 22:33:56.000000000 +0200
@@ -1,3 +1,11 @@
+libb2 (0.97-2+deb9u1) stretch; urgency=medium
+
+ * debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch:
+ detect if the system can use AVX before actually using it
+ (Closes: #884958)
+
+ -- Gianfranco Costamagna <locutusofb...@debian.org> Wed, 15 Aug 2018
22:33:56 +0200
+
libb2 (0.97-2) unstable; urgency=medium
* debian/control: Point Vcs-Git at Alioth repo
diff -Nru
libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
--- libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
1970-01-01 01:00:00.000000000 +0100
+++ libb2-0.97/debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch
2018-08-15 22:33:56.000000000 +0200
@@ -0,0 +1,47 @@
+From 60ea749837362c226e8501718f505ab138e5c19d Mon Sep 17 00:00:00 2001
+From: Samuel Neves <sne...@dei.uc.pt>
+Date: Mon, 25 Dec 2017 12:34:30 +0000
+Subject: [PATCH] detect whether the operating system can use AVX
+
+---
+ src/blake2-dispatch.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/blake2-dispatch.c b/src/blake2-dispatch.c
+index 2b1ccc8..96bb340 100644
+--- a/src/blake2-dispatch.c
++++ b/src/blake2-dispatch.c
+@@ -63,6 +63,18 @@ static inline void cpuid( uint32_t *eax, uint32_t *ebx,
uint32_t *ecx, uint32_t
+ : "=a"( *eax ), "=b"( *ebx ), "=c"( *ecx ), "=d"( *edx ) : "a"( *eax ) );
+ #endif
+ }
++
++static inline uint64_t xgetbv(uint32_t xcr)
++{
++ uint32_t a, d;
++ __asm__ __volatile__(
++ "xgetbv"
++ : "=a"(a),"=d"(d)
++ : "c"(xcr)
++ );
++ return ((uint64_t)d << 32) | a;
++}
++
+ #elif defined(_MSC_VER)
+ #include <intrin.h>
+ static inline void cpuid( uint32_t *eax, uint32_t *ebx, uint32_t *ecx,
uint32_t *edx )
+@@ -106,8 +118,13 @@ static inline cpu_feature_t get_cpu_features( void )
+ if( IsProcessorFeaturePresent(17) ) /* Some environments don't know about
PF_XSAVE_ENABLED */
+ #endif
+ {
+- if( 1 & ( ecx >> 28 ) )
++ /* check for AVX and OSXSAVE bits */
++ if( 1 & ( ecx >> 28 ) & (ecx >> 27) ) {
++#if !defined(WIN32) /* Already checked for this in WIN32 */
++ if( (xgetbv(0) & 6) == 6 ) /* XCR0 */
++#endif
+ feature = AVX;
++ }
+
+
+ eax = 0x80000001;
diff -Nru libb2-0.97/debian/patches/series libb2-0.97/debian/patches/series
--- libb2-0.97/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libb2-0.97/debian/patches/series 2018-08-15 22:33:56.000000000 +0200
@@ -0,0 +1 @@
+60ea749837362c226e8501718f505ab138e5c19d.patch
